Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

  • From: Owen DeLong
  • Date: Mon Dec 14 13:08:13 2009 
UPnP is a bad idea that (fortunately) doesn't apply to IPv6 anyway.

You don't need UPnP if you'r not doing NAT.
wishful thinking.

you're likely to still have a staeful firewall and in the consumer space
someone is likely to want to punch holes in it.
Yes, SI will still be needed. However, UPnP is, at it's heart a way to allow
arbitrary unauthenticated applications the power to amend your security
policy to their will. Can you possibly explain any way in which such a
thing is at all superior to no firewall at all?

I would argue that a firewall that can be reconfigured by any applet a user
clicks on (whether they know it or not) is actually less useful than no
firewall because it creates the illusion in the users mind that there is a
firewall protecting them.

Owen





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.